1. Field of the Invention
The present invention relates generally to the field of information leak prevention. More specifically but not exclusively, the present invention deals with methods for an efficient identification of attempts to steal private and confidential information using information stealing software and phishing.
2. Description of the Related Technology
The information and knowledge created and accumulated by organizations and businesses are among their most valuable assets. As such, keeping the information and the knowledge inside the organization and restricting its distribution outside of it is of paramount importance for almost any organization, government entity or business, and provides a significant leverage of its value. Unauthorized dissemination of intellectual property, financial information and other confidential or sensitive information can significantly damage a company's reputation and competitive advantage. In addition, the private information of individuals inside organizations, as well as the private information of the clients, customers and business partners includes sensitive details that can be abused by a user with criminal intentions.
Another aspect of the problem is compliance with regulations with respect to information: Regulations within the United States of America, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley act (GLBA) and the Sarbanes Oxley act (SOX) mandate that the information assets within organizations be monitored and subjected to an information management policy, in order to protect clients privacy and to mitigate the risks of potential misuse and fraud. Information and data leakage therefore poses a severe risk from both business and legal perspectives.
One of the emerging threats regarding the privacy and the confidentiality of digital information is Information Stealing Software, such as Trojan Horses and “Spyware”. Such software may be installed on the computer by malicious users that gained an access to the user's computer or by “infection” e.g., from a web-site, an email or shared files in a file-sharing network. The Information Stealing Software can then detect sensitive or confidential information—e.g., by employing a “key logger” that logs keystrokes, or by searching for confidential information within the user's computer and sending it to a predefined destination.
Current attempts to deal with Information Stealing Software are based mainly on detection of their existence in the host—e.g., by looking at their signatures. However, as these types of software are carefully designed to avoid such detection, the effectiveness of this approach is limited.
Another aspect of information stealing is known as “phishing & pharming”. In phishing attempts users are solicited, usually by officially-looking e-mails, to post their sensitive details to web-sites designed for stealing this information. There have been many attempts to mitigate phishing risks, such as helping users identify legitimate sites, alerting users to fraudulent websites, augmenting password logins and eliminating phishing mail. Yet, effective phishing attacks remain very common.
Pharming attacks aim to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. Current attempts to mitigate risks of pharming, such as DNS protection and web browser add-ins such as tool bars are of limited value.